Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Null deprecation in UnserializeArray.php #4352

Open
kiatng opened this issue Nov 13, 2024 · 6 comments · May be fixed by #4394
Open

Null deprecation in UnserializeArray.php #4352

kiatng opened this issue Nov 13, 2024 · 6 comments · May be fixed by #4394
Labels

Comments

@kiatng
Copy link
Contributor

kiatng commented Nov 13, 2024

Array
(
    [type] => 8192:E_DEPRECATED
    [message] => unserialize(): Passing null to parameter #1 ($data) of type string is deprecated
    [file] => .../app/code/core/Mage/Core/Helper/UnserializeArray.php
    [line] => 32
)

Preconditions (*)

  1. PHP 8.3

Steps to reproduce (*)

$value = 'wrong user or deleted user';
Mage::getModel('admin/user')->load($value, 'username');

Trace:
[1] .../app/code/core/Mage/Core/Helper/UnserializeArray.php:32
[2] .../app/code/core/Mage/Admin/Model/Resource/User.php:470
[3] .../app/code/core/Mage/Admin/Model/Resource/User.php:171
[4] .../app/code/core/Mage/Core/Model/Resource/Db/Abstract.php:385
[5] .../app/code/core/Mage/Core/Model/Abstract.php:285

Discussion

There are many potential errors, see https://github.com/search?q=repo%3AOpenMage%2Fmagento-lts+Mage%3A%3Ahelper%28%27core%2FunserializeArray%27%29&type=code

Not sure how best to fix this: go through each call to unserialize() or fix in Mage_Core_Helper_UnserializeArray.

@kiatng kiatng added the bug label Nov 13, 2024
@Hanmac
Copy link
Contributor

Hanmac commented Nov 13, 2024

This one is especially tricky, because when your product option is a non-numeric string (from a text-input) it causes a warning too:

$parser = Mage::helper('core/unserializeArray');
$_itemOptionValue =
is_numeric($itemOptionValue) ? $itemOptionValue : $parser->unserialize($itemOptionValue);
$_optionValue = is_numeric($optionValue) ? $optionValue : $parser->unserialize($optionValue);

@sreichel
Copy link
Contributor

For some reason the error does not get triggered - only with manual testing unserialize(null).

@kiatng
Copy link
Contributor Author

kiatng commented Nov 27, 2024

For some reason the error does not get triggered - only with manual testing unserialize(null).

It's captured in error_get_last() in Mage::getModel('admin/user')->load('wrong user or deleted user', 'username');

@sreichel
Copy link
Contributor

Not sure how best to fix this: go through each call to unserialize() or fix in Mage_Core_Helper_UnserializeArray.

Id suggest adding that to Mage_Core_Helper_UnserializeArray.

$str = is_null($str) ? '' : $str;

@kiatng
Copy link
Contributor Author

kiatng commented Nov 28, 2024

Not sure how best to fix this: go through each call to unserialize() or fix in Mage_Core_Helper_UnserializeArray.

Id suggest adding that to Mage_Core_Helper_UnserializeArray.

$str = is_null($str) ? '' : $str;

Check for string type:

if (!is_string($str) || $str === '') {
   throw new Exception('Error unserializing data.');; // current behavior
}

See https://onlinephp.io/c/8857c5

kiatng added a commit to kiatng/magento-lts that referenced this issue Nov 28, 2024
@sreichel
Copy link
Contributor

Turning null into string was only for the deprecation notice.

Can you try to add "@" before unserialze() instead of your change?

Lets merge before changes #4389 ... this covers current behavoir.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants